Buffer Overflow Vulnerability in D-Link Network Attached Storage Devices
CVE-2024-7831
Key Information:
Badges
What is CVE-2024-7831?
A buffer overflow vulnerability exists in multiple D-Link Network Attached Storage (NAS) devices, specifically within the cgi_get_cooliris function of the photocenter_mgr.cgi script. This critical flaw permits remote attackers to manipulate the 'path' argument, potentially leading to arbitrary code execution due to unchecked input. It is important to note that this vulnerability affects devices no longer supported by D-Link, including various models such as the DNS-120, DNS-320 series, and others listed. Since these products have reached their end-of-life status, users are strongly advised to retire them and migrate to supported hardware to ensure security.
Affected Version(s)
DNR-202L 20240814
DNR-322L 20240814
DNR-326 20240814
References
CVSS V3.1
Timeline
- 👾
Exploit known to exist
Vulnerability published
Vulnerability Reserved